Packet capture and network traffic replay
First Claim
1. One or more tangible computer-readable storage media encoding computer-executable instructions for executing on a computer system a computer process, wherein the computer-readable storage media is not a carrier wave or propagating signal and the computer process further comprises:
- intercepting network traffic of an enterprise network directed to a target destination;
- copying the intercepted traffic;
- replaying the copied network traffic outside of the enterprise network to an end destination other than the target destination wherein the intercepting, copying, and replaying of each individual packet of the network traffic are all performed in less than one second; and
- assessing whether the replayed copied traffic includes a potential security threat to the enterprise network.
Abstract
Implementations disclosed herein provide a network agent embodied in firmware and/or software that replays network traffic of an enterprise network to an entity outside of the enterprise network. The network agent selects and processes the network traffic according to certain policies set by the enterprise network or a third party security management system. These policies allow for a capture and replay of high-integrity data that enables threat analysis.
21 Claims
Dependent claims of claim 1: 2, 3, 4, 5, 6, 7, 8, 9, 10, 20
11. A system comprising:
- memory coupled to a processor;
- a network agent stored in at least one memory and executable by at least one processor, the network agent configured to:
  - utilize the processor to intercept network traffic of an enterprise network directed to a target destination;
  - copy the intercepted network traffic; and
  - replay the copied network traffic outside of the enterprise network to an end destination other than the target destination wherein the intercepting, copying, and replaying of each individual packet of the network traffic are all performed in less than one second; and
- a security management module of a managed security service, the security management module stored in memory and executable by at least one processor, wherein the security management module is configured to perform a threat assessment on the copied, replayed network traffic, and wherein the threat assessment provides a first indicator of whether the network traffic includes a potential security threat to the enterprise network.

Dependent claims of claim 11: 12, 13, 14, 15, 16, 17, 18, 19, 21
Specification